Your backup data sets can become a treasure trove for advanced threat detection

Despite ever increasing investments in security technologies, data breaches and cyber incidents are increasing at a relentless rate, and the problem is projected to keep getting worse. Industry research shows that attacks from ransomware, data compromise, malicious email and credential theft more than doubled to 160,000 incidents per year, with unreported incidents likely bringing the true number to more than 350,000.

While much of the press focused on breaches to high profile targets, every size organization is affected by cyber incidents. In the last year, close to 70 percent of small and mid-sized businesses reported a cyber attack that evaded intrusion detection systems, and more than 80 percent said that malware was not caught by their antivirus software. Close to 55 percent of these companies said they were attacked by ransomware, not just once, but more than twice!

With an exponentially increasing number of vulnerable endpoints, rapidly expanding threat complexity and limited staff and IT budgets, it’s clear that IT teams simply cannot keep up with today’s hostile cyber landscape.

Classic but insufficient

Traditional approaches like firewalls and antivirus solutions are ubiquitous and avert countless security disasters every day. For IT shops with limited budgets and staff, these are the go-to solutions for cyber threat prevention and detection. Though universal in deployment, the macro statistics obviously indicate a more comprehensive approach is needed.

For organizations with ample resources and skills, security incident & event management (SIEM) solutions can be very effective at aggregating a diverse collection of endpoint security data. An endless array of sensors can be integrated to provide comprehensive and rich security data for almost any type of cyber analytics. However, these big data platforms are complex and expensive to deploy and manage. Even sophisticated IT shops cite challenges with the sheer volume of flags, false positives and alert fatigue that typically result. Unfortunately, hidden in the mountain of data are the numerous threats that slip through, undetected and untriaged.

Whether or not a company has the budget for the most sophisticated cybersecurity tools and specialized personnel, the bottom line is the classic technologies are not stopping the escalating threats from compromising vital IT systems.

Holes in the safety net

How are companies coping? Backup and disaster recovery systems are widely viewed as the final insurance policy against a cyber attack. While you will inevitably suffer some data loss, depending on the frequency of restore points taken, recovery using the last known good configuration is a perfectly sound and responsible method. Of course, using backups to respond to a security breach assumes clarity on exactly when the attack occurred and discipline with ongoing backup testing. Otherwise, the manual process effort can be not only highly labor-intensive but also protract, assuming it is possible at all.

Making matters worse, breaches often cascade across corporate networks and compromise a range of systems and databases, further complicating the recovery effort. And as today’s malware continues to increase in sophistication, the level of manual effort required to solve the cyber attack puzzle and test all system components can be extraordinary. However, backup and disaster recovery systems are currently the best option of a last resort.

On the horizon

There’s good news, however. Soon, you’ll be seeing intelligent and fully-automated tools that leverage granular backup and replication data sets to continuously detect security compromises, irregularities from bad actors and other suspicious backup attributes that pose risks to a rapid recovery. When accessible, backup files and their metadata are a treasure trove of context-rich cybersecurity data. Organizations both large and small will be able to leverage this data to dramatically increase their security posture and decrease the labor-intensive manual effort required today.

New approaches can use data transformation, security fingerprinting, machine learning and advanced analytics to analyze backup and replication data, as it’s captured. By integrating with threat intelligence feeds, cyber threats can be detected as they happen. Latent malware and other anomalous behavior can be immediately surfaced together with the risk profile and remediation options.

This method is highly efficient because compared to SIEM and solutions of the past, backup data is offline, and analysis avoids impact on production environments while simultaneously benefitting from the fine-grained change sets being continuously captured by backup and disaster recovery systems. Security analysis can be conducted in near real time depending on backup frequency. Utilizing backup and replication data sets for cybersecurity purposes is a completely new approach to attaining a multi-layered, security program at a price point that’s practical for all IT shops, not just those with enterprise security budgets.

New thinking can provide dramatic improvements in the security posture of your organization by tapping into a previously inaccessible, but a supremely rich source of data for advance threat detection and analysis. We all agree that every organization needs more effective weapons in the cybersecurity toolset. The best news is that a multi-layer cybersecurity strategy can finally be accessible for any IT shop using the backup and replication data sets already being captured.